Yesterday my domain, which has Cloudflare active, had been down for about 1 hour when I noticed it. There were many connections from a single IP; I used iptables and the Cloudflare IP firewall to block the IP and everything was good. What I don't understand is, as the bandwidth hike is very clear, why wasn't it stopped by Cloudflare? Was a setting I had wrong, or what? I had security level: Low. What must I do so that next time it is stopped by Cloudflare automatically? If I have to manually identify and stop attacks, why should I use Cloudflare? I mean, I had some experience with detecting attacks, so I could identify an IP and block it manually, but next time I want to be prepared. This is the bandwidth hike I saw on analytics:
Iptables won't help you in this case as the connection will always originate from Cloudflare. However, blocking that address with an access rule will do the trick.
The problem simply was the security level; if you increase that, similar attacks are more likely to be stopped.
Thanks very much for your answers. Could setting this to HIGH damage usage of APIs on this website, or should I set it to medium, in your experience?
There is a chance that it might interfere in these cases. If you know the IP addresses in advance you can allowlist them. Your best bet is to play a bit with the settings and check what works best for you.
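An added example, not part of the thread: it shows why counting by TCP peer hides a single-source flood behind Cloudflare, and how to count by the `CF-Connecting-IP` header while trusting it only when the peer is a Cloudflare edge. The log format (`peer header-ip path`), the sample lines, the threshold and the function names are assumptions, and the network list is a subset of Cloudflare's published IPv4 ranges that should be loaded from the current official list in practice.

```python
import ipaddress
from collections import Counter

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh from the official list).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]

def real_client(peer, header_ip):
    """Return the visitor address; trust CF-Connecting-IP only from a Cloudflare peer."""
    peer_addr = ipaddress.ip_address(peer)
    if header_ip != "-" and any(peer_addr in net for net in CLOUDFLARE_NETS):
        try:
            return str(ipaddress.ip_address(header_ip))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return peer  # direct-to-origin request: the header may be forged, ignore it

def top_talkers(lines, threshold):
    """Count requests per TCP peer and per real client; flag clients >= threshold."""
    peers, clients = Counter(), Counter()
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        peer, header_ip = parts[0], parts[1]
        try:
            ipaddress.ip_address(peer)
        except ValueError:
            continue  # skip lines that do not start with an IP address
        peers[peer] += 1
        clients[real_client(peer, header_ip)] += 1
    flagged = sorted(ip for ip, n in clients.items() if n >= threshold)
    return peers, clients, flagged

# Constructed sample log: "<tcp-peer> <CF-Connecting-IP or -> <path>"
SAMPLE_LOG = """\
172.68.10.1 203.0.113.50 /
172.68.10.1 203.0.113.50 /
172.68.10.2 203.0.113.50 /
172.68.10.2 203.0.113.50 /
162.158.5.9 203.0.113.50 /
162.158.5.9 203.0.113.50 /
104.18.1.1 198.51.100.7 /api/status
192.0.2.99 203.0.113.50 /
""".splitlines()

if __name__ == "__main__":
    peers, clients, flagged = top_talkers(SAMPLE_LOG, threshold=5)
    print("busiest TCP peer:", peers.most_common(1))
    print("flagged real clients:", flagged)
```

The flagged address is the one to put in a Cloudflare access rule; an iptables rule on it at the origin never matches, because the origin only sees Cloudflare's addresses as peers.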